    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Projects -> Edit: ' . $name, '/pb/');
    if ($name == '') {
        errAndDie('Project not found.');
    }
} else {
    emitTop('Peanut Butter -> Edit Project [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required Information not specified.');
}
// Authorisation for the edit form: only admins and siteadmins get this far,
// and an admin (unlike a siteadmin) may only edit a project they own.
$isPrivileged = ($userType == ADMIN || $userType == SITEADMIN);
if (!$isPrivileged) {
    errAndDie('Sorry, only admins/siteadmins may edit projects.');
}
$ownsProject = ($owner == $userName);
if ($userType == ADMIN && !$ownsProject) {
    errAndDie('Sorry, you may only edit your own project.');
}
mysqlSetup();
// The query is built by interpolation and relies on $mprojid being the escaped
// project id published by escapes('projid', ...) earlier in this script (not
// visible here) — confirm. Note that mysql_* escaping is charset-unaware and the
// extension itself is gone in PHP 7+, so this only runs on legacy PHP.
$sqlquery = "SELECT * FROM `pb_projects` WHERE `id` = '{$mprojid}'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
// $count and $row are consumed further down the page.
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
?>
<h2>Edit Project: <?php 
echo $name;
?>
</h2>

<form name="projectNew" method="post" action="projectSave.php">

<table>
    errAndDie('Required information not specified.');
}
// Deleting requires a registered account.
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not delete posts.');
}
mysqlSetup();
escapes('userName', $userName);
// A normal user may only see (and therefore delete) their own post: the
// ownership filter lives in the SQL, so a foreign id simply yields no row.
// $mpostid is expected to be the escaped post id set up earlier in this script.
$ownerFilter = ($userType == NORMAL) ? " AND `user` = '{$muserName}'" : '';
$sqlquery = "SELECT * FROM `pb_blog` WHERE `id` = '{$mpostid}'" . $ownerFilter;
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$row = mysql_fetch_assoc($result);
if (!$row) {
    errAndDie('You are unable to access this post unless you own it or are an admin/siteadmin.');
}
// News posts carry projid -1; an admin may only remove news they wrote themselves.
$isForeignNews = ($row['projid'] == -1 && $userName != $row['user']);
if ($userType == ADMIN && $isForeignNews) {
    errAndDie('Admins can only delete their own news posts.');
}
$projid = $row['projid'];
$isNews = isNews($projid);
escapes('projid', $projid);
// NOTE(review): no CSRF token is visible in this view; a state-changing delete
// reachable by a plain request is worth confirming against the caller.
$sqlquery = "DELETE FROM `pb_blog` WHERE `id` = '{$mpostid}'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
print '<h3>Post Deleted.</h3>';
// Link back to wherever the post lived: the owning project, or the news feed.
$backLink = $isNews
    ? "<p><a href=\"news.php\">Peanut Butter News</a></p>"
    : "<p><a href=\"projectInfo.php?projid={$urlprojid}\">Back to project page.</a></p>";
print $backLink;
emitBottom();
    escapes('owner', $owner);
    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Posts -> New Post', $_SERVER['PHP_SELF'] . "?projid={$urlprojid}");
    if ($name == '') {
        print '<h3>Project not found.</h3>';
        emitBottom();
        die;
    }
} else {
    errAndDie('Project not specified.');
}
// Posting requires a registered account.
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not post.');
}
// The news feed ($isNews, computed above) is writable by admins/siteadmins only.
$mayPostNews = ($userType == ADMIN || $userType == SITEADMIN);
if ($isNews && !$mayPostNews) {
    errAndDie('Sorry, only admins may create news posts.');
}
?>
<h2>New Post for: <?php 
echo $name;
?>
</h2>

<form name="postNew" method="post" action="postSave.php?projid=<?php 
echo $urlprojid;
?>
">

<table>
<tr>
	<th>Title:</th>
// The project id arrives on the query string; everything on this page hangs
// off it, so its absence is reported as a hard error.
if (!isset($_GET['projid'])) {
    emitTop('Peanut Butter -> Projects -> Info [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Project id not specified.');
} else {
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // escapes() is expected to publish the escaped forms ($mprojid, $urlprojid, ...)
    // that the query and links on this page use — not visible here, confirm.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    // NOTE(review): $name goes into the page title (and the <h2> below) unencoded;
    // whether escapes() HTML-encodes it in place is not visible here.
    $selfUrl = $_SERVER['PHP_SELF'] . "?projid={$urlprojid}";
    emitTop("Peanut Butter -> Projects -> Info: {$name}", $selfUrl);
    // An empty name means the lookup found no project for this id.
    if ($name == '') {
        errAndDie('Project not found.');
    }
}
mysqlSetup();
$sqlquery = "SELECT * FROM `pb_projects` WHERE `id` = '{$mprojid}'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
if ($row = mysql_fetch_assoc($result)) {
    $name = $row['name'];
    ?>
<h2><?php 
    echo $name;
    if ($userType == SITEADMIN || $userType == ADMIN && $row['owner'] == $userName) {
        print "&nbsp;<a href=\"projectEdit.php?projid={$urlprojid}\">Edit</a>";
        print "&nbsp;<a href=\"projectDelete.php?projid={$urlprojid}\">Delete</a>";
    }
    ?>
</h2>
    errAndDie('Required Information not specified.');
}
// Editing requires a registered account.
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not edit posts.');
}
mysqlSetup();
// $mpostid is expected to be the escaped post id set up earlier in this script.
$sqlquery = "SELECT `title`,`text`,`user`,`projid` FROM `pb_blog` WHERE `id` = '{$mpostid}'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$row = mysql_fetch_row($result);
if (!$row) {
    print '<h3>Post not found.</h3>';
    emitBottom();
    die;
}
// Column positions follow the SELECT list: 0 title, 1 text, 2 user, 3 projid.
$user = $row[2];
$ownsPost = ($userName == $user);
if ($userType == NORMAL && !$ownsPost) {
    errAndDie('Sorry, you may only edit your own posts.');
}
escapes('projid', $row[3]);
// NOTE(review): $projid is not assigned anywhere in this view; this only works if
// escapes() also defines the plain variable, or it was set earlier — confirm.
$projinfo = getProjInfoFromId($projid);
$name = $projinfo[0];
?>
<h2>Editing Post for: <?php 
echo $name;
?>
</h2>

<?php 
// The title is HTML-encoded so it can be placed in a form field; the body text
// is left raw here, so whatever echoes $text into the form below must encode it.
[$title, $text] = [htmlentities($row[0]), $row[1]];
?>
<form name="postEdit" method="post" action="postSave.php?projid=<?php 
<?php

require_once 'includes/globals.inc';
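emitTop('Peanut Butter -> Searches -> REMOVE', $_SERVER['PHP_SELF']);
// Removing saved searches is an admin/siteadmin feature.
if ($userType != ADMIN && $userType != SITEADMIN) {
    print '<h3>Sorry, only admins/siteadmins can remove searches.</h3>';
    emitBottom();
    die;
}
if (!isset($_GET['age'])) {
    errAndDie('No age specified.');
}
// $age is interpolated *unquoted* into SUBDATE(NOW(),$age) further down, so
// quote-escaping it does nothing useful there; require a non-negative whole
// number of days instead and reject anything else before it reaches SQL.
$age = filter_var($_GET['age'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
if ($age === false) {
    errAndDie('Age must be a whole number of days.');
}
// Kept for the confirmation link that follows; built from the validated value.
$urlage = urlencode((string) $age);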
if (isset($_GET['confirm'])) {
    mysqlSetup();
    $sqlquery = "DELETE FROM `pb_searches` WHERE `lastused` < SUBDATE(NOW(),{$age})";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print "<h3>Searches removed.</h3>";
    print '<a href="projectManagement.php">Back to Project Management</a>';
} else {
    mysqlSetup();
    $sqlquery = "SELECT `name`,`owner`,`lastused` FROM `pb_searches` WHERE " . "`lastused` < SUBDATE(NOW(),{$age}) ORDER BY `name` ASC";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    $count = mysql_num_rows($result);
    $es = '';
    if ($count != 1) {
        $es = 'es';
    }
    print "<h3>{$count} search{$es} older than {$age} days:</h3>\n";
    if ($count) {
    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Posts -> Management', $_SERVER['PHP_SELF'] . "?projid={$urlprojid}");
    if ($name == '') {
        print '<h3>Project not found.</h3>';
        emitBottom();
        die;
    }
} else {
    emitTop('Peanut Butter -> Posts -> Management [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Project not specified.');
}
// Post management is an admin/siteadmin feature.
$isPrivileged = ($userType == ADMIN || $userType == SITEADMIN);
if (!$isPrivileged) {
    errAndDie('Sorry, only admins/siteadmins can manage posts.');
}
// For an ordinary project an admin must also own it; the news feed ($isNews)
// is exempt from the ownership check.
if ($userType == ADMIN && !$isNews && $userName != $owner) {
    errAndDie('Sorry, admins can only manage posts for their own projects.');
}
?>

<h2>Posts for: <?php 
echo $name;
?>
</h2>
<?php 
// Link back to where these posts live: the owning project, or the news feed.
$backLink = $isNews
    ? '<p><a href="news.php">Back to news</a></p>'
    : "<p><a href=\"projectInfo.php?projid={$urlprojid}\">Back to project page</a></p>";
print $backLink;
?>
<?php

require_once 'includes/globals.inc';
emitTop('Peanut Butter -> Searches -> New/Edit', $_SERVER['PHP_SELF']);
// Saved searches are for registered users only.
if ($userType == VISITOR) {
    errAndDie('Sorry, you must be registered to make searches.');
}
if (!isset($_GET['id'])) {
    errAndDie('No search specified.');
}
// escapes() is expected to publish the escaped id as $mid for the query below.
escapes('id', $_GET['id']);
if (isset($_POST['savesearch'])) {
    mysqlSetup();
    $haveKeywords = isset($_POST['keywords']) && $_POST['keywords'] != '';
    $haveKeyname = isset($_POST['keyname']) && $_POST['keyname'] != '';
    if (!$haveKeywords || !$haveKeyname) {
        print '<h3>Missing information.</h3>';
    } else {
        escapes('keywords', $_POST['keywords']);
        escapes('keyname', $_POST['keyname']);
        escapes('username', $userName);
        // mysqlSetup() was already called above; the repeat is kept as-is
        // (presumably harmless) — confirm.
        mysqlSetup();
        // NOTE(review): the row is selected by id only and `owner` is overwritten
        // with the current user, so any registered user can take over another
        // user's search — confirm whether an owner condition belongs in the WHERE.
        $sqlquery = "UPDATE `pb_searches` SET `name` = '{$mkeyname}', `owner` = '{$musername}', "
            . "`terms` = '{$mkeywords}', `lastused` = NOW() WHERE `id` = '{$mid}' LIMIT 1";
        $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
        print '<h3>Search has been saved.</h3>';
        print '<a href="projectManagement.php">Back to Project Management</a>';
        emitBottom();
        die;
    }
}
?>

<h3>Enter keywords, separated by commas:</h3>
// Posting requires a registered account.
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not post.');
}
// News events ($isNews, computed earlier) are restricted to admins/siteadmins.
$mayPostNews = ($userType == ADMIN || $userType == SITEADMIN);
if ($isNews && !$mayPostNews) {
    errAndDie('Sorry, only admins/siteadmins may post news events.');
}
$haveText = isset($_POST['text']);
$haveTitle = isset($_POST['title']);
if (!$haveText || !$haveTitle) {
    errAndDie('Missing data.');
}
mysqlSetup();
// escapes() is expected to publish $mtext, $mtitle and $muserName for the queries.
escapes('text', $_POST['text']);
escapes('title', $_POST['title']);
escapes('userName', $userName);
$isEdit = isset($_POST['modified']);
if ($isEdit) {
    if (!isset($_POST['postid'])) {
        errAndDie('Post ID not specified.');
    }
    $mpostid = mysql_escape_string($_POST['postid']);
    // Editing is limited to the author by the `user` condition in the WHERE clause.
    $sqlquery = "UPDATE `pb_blog` SET `modified` = NOW(), `title` = '{$mtitle}', `text` = '{$mtext}' "
        . "WHERE `id` = '{$mpostid}' AND `user` = '{$muserName}'";
} else {
    // $mprojid comes from the project handling earlier in this script.
    $sqlquery = "INSERT INTO `pb_blog` (`projid`,`added`,`modified`,`user`,`title`,`text`) "
        . "VALUES ('{$mprojid}',NOW(),NOW(),'{$muserName}','{$mtitle}','{$mtext}')";
}
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
// By default mysql_affected_rows() counts rows actually changed, so an edit that
// matched the row but altered nothing is also reported as unsuccessful here.
$outcome = mysql_affected_rows() ? "<h3>Posted.</h3>" : "<h3>Post unsuccessful.</h3>";
print $outcome;
if (!$isNews) {
    print "<p><a href=\"projectInfo.php?projid={$urlprojid}\">View Project Page</a></p>";
if (isset($_POST['modified'])) {
    if (!isset($_POST['projid'])) {
        errAndDie('Project ID not specified.');
    }
    $projid = $_POST['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    if ($userType == ADMIN && $owner != $userName) {
        errAndDie('Sorry, admins may only edit their own projects.');
    }
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    if (isNews($projid)) {
        errAndDie('You cannot edit a project with id = -1');
    }
    $sqlquery = "UPDATE `pb_projects` " . "SET `name` = '{$mName}', " . "`modified` = NOW(), " . "`description` = '{$mDescription}', " . "`keywords` = '{$mKeywords}', " . "`status` = '{$mStatus}', " . "`progress` = '{$mProgress}', " . "`priority` = '{$mPriority}', " . "`deadline` = '{$mDeadline}', " . "`notes` = '{$mNotes}' " . "" . " WHERE `id` = '{$mprojid}'";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    $numrows = mysql_affected_rows();
    if (!$numrows) {
        print '<h3>Update unsuccessful.</h3>';
    } else {
        print "<h3>Edited.</h3>";
    }
} else {
    $sqlquery = "INSERT INTO `pb_projects` (`name`,`owner`,`added`,`modified`," . "`description`,`keywords`,`status`,`progress`,`priority`," . "`deadline`,`notes`) VALUES ('{$mName}','{$mOwner}',NOW(),NOW(),'{$mDescription}'," . "'{$mKeywords}','{$mStatus}','{$mProgress}','{$mPriority}'," . "'{$mDeadline}','{$mNotes}')";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print "<h3>Created.</h3>";
    $projid = mysql_insert_id();
    escapes('projid', $projid);